Controversy ahead - the many challenges facing a UK government national digital ID scheme
It seems we are to expect some sort of announcement on digital identity at the forthcoming Labour conference. Briefings to select national newspapers have trailed the likelihood of prime minister Keir Starmer revealing plans for a national digital ID scheme.
If so, it will inevitably raise more questions than answers, and spark a national debate that will almost certainly entirely miss the point – and quite possibly scupper such a scheme in its infancy.
There are a couple of truisms about digital identity that are, more or less, widely agreed.
First, the economic and social benefits of digital identity are significant and real – take a look at countries where digital IDs are widely used, such as the Nordic countries, Estonia or Singapore. I was in Dubai recently, where UAE residents routinely interact with public authorities through a government app. When it works, digital identity just makes things easier for everyone who decides to use it. (Note, as part of this truism, the deliberate use of “decides to use it”, not “is mandated to use it”).
Second, few people in the UK have any real idea what digital identity means, and many immediately associate it with identity cards, a concept the UK is strongly culturally opposed to.
Any government plan needs from the very start to bridge the enormous gap between those two perspectives. I’m not confident.
In what is unlikely to be coincidence, the Tony Blair Institute (TBI) – a longstanding proponent of a national digital ID scheme – put out another report this week calling for the government to press ahead. It’s impossible to mention TBI’s enthusiasm without also reminding people that as prime minister, Blair was responsible for the much derided and subsequently scrapped national ID card scheme. Immediately, that second truism takes centre stage in the debate.
In a further unlikely-to-be-a-coincidence move, the new secretary of state for technology, Liz Kendall, has appointed a new special advisor – Kirsty Innes, formerly of TBI, where she was one of the leading advocates for a national digital ID.
You can add a third current truism unrelated to digital identity to the mix – public trust in politicians is as low as it’s ever been. The worst way to sell digital ID to a sceptical public will be for politicians to tell them it’s a really good idea to have a national, government-run system.
And then, based on what we can deduce from the limited press briefings so far, it seems Starmer wants to justify a national scheme as a solution to one of his biggest political headaches – immigration.
Sorry, but the more you politicise any technology, the less likely it will be that people embrace it – and especially not in today’s increasingly febrile social climate. Not to mention that even digital ID experts struggle to see how the technology would end so-called illegal immigration.
If you talk to a digital leader about how to make any tech-enabled transformation programme a success, they will tell you it’s a mix of three factors – people, process and technology. Let’s consider how each of these applies to a potential national digital identity scheme.
People
The latest TBI report is built around research which the authors claim shows “majority support among the British public” for digital identity, “with 62% in favour and just 19% opposed”.
I’m calling bullshit on this one.
The report reveals (in small print) that this stat comes from answers to a survey question that asked: “Having thought more about it, to what extent would you now support or oppose the UK introducing a digital-ID system?”
What came before the point of “having thought about it”? If a researcher asks, “A digital identity scheme would reduce immigration, put you more in control of how the government uses your data, and make public services better. Having thought more about it…” – you’re likely to get a positive answer.
If they asked, “A digital identity scheme could allow the government to collect huge amounts of personal data about you and your activities, enable a surveillance state and fundamentally change the relationship between citizen and state. Having thought more about it…” – well, you know the answer you’ll get to that.
Depending on how any ID scheme would be implemented, managed and developed over time, both of those scenarios could be feasible.
I’ve written about digital identity regularly for about 15 years and covered the slow, painful demise of the previous, failed attempt through Gov.uk Verify extensively. Earlier this year, I broke the first stories about security and data protection concerns in Verify’s successor, One Login.
Never at any time, in my experience, has there been any sense at all, that the British public actively wants a digital identity scheme. There is no public demand. Nobody is sitting at home, wishing the government introduced a digital ID or attacking them for not doing so. Anybody who claims that the British public is actively supportive of digital ID is fooling themselves or fooling you.
The British public will need to be educated, persuaded and sold on the idea – without that, it will fail.
Process
TBI’s report is correct when it says, “The time has come for a digital ID that would bring fairness, control and convenience to people’s everyday interactions with each other and with the state.” Truism One above – digital identity, done well, offers significant benefits.
The key phrase here is, “done well”.
A genuinely user-friendly system that brings clear benefits to people’s lives – and which they choose to use – would be popular and grow organically through word of mouth as people see friends and family improving their interactions with public services, making it easier to deal with the state.
Long and bitter experience with government IT systems shows how unlikely it is that government is capable of delivering on such a goal.
A mandatory system, however, that forces people to use a state-controlled tool, whether they like it or not, would most likely deliver benefits for the government, but little approval or acceptance among the public.
Much like the Blair identity card, any opposition party seeing the unpopularity of a poorly devised, mandatory scheme would gain great political capital (and votes) from an election manifesto promise to scrap the system.
If you want the majority of the public to use a national digital identity system, the majority of the public must want to use it. If the government wants this to proceed, it needs to bring the public with it – a system that grows from the ground up, making people’s lives easier, giving people a reason to use it, can work.
A top-down mandate is, I strongly suspect, doomed to fail.
There is an alternative model, as the many private sector suppliers of digital identity systems would tell you.
The government could say that citizens who choose to interact with public services online can use any approved digital identity system. The process is already in place – the Digital Identity and Attributes Framework (DIATF) – to offer a legally backed, government-approved trustmark for those systems that meet the required standards.
Immediately this removes accusations of centralised databases or government gathering personal data about citizens through a single, national system. The public get to choose which digital ID system they use – perhaps one from their trusted bank, for example, or through a preferred technology supplier such as Apple or Google on their mobile phones.
This way, the public gets the benefits of digital ID, without the “government snooping” over-reach of a nationwide data collection system. And we also don’t end up relying on a single, government-developed piece of software – the public would soon flock towards the digital ID apps that offered the best security, control and ease of use. The government could still offer its own app should people choose to use it – but it has to compete with the best the industry can provide.
Technology
Earlier this year, the government launched its first ever Gov.uk App. It’s taken nearly two decades of apps being the primary way that mobile phone users access online services to reach this point. The app is as rudimentary as it gets – basically a simple browser-like interface to the same Gov.uk pages people are already familiar with. It adds no value – but for the government, offers promise of a much better app to come. It needs to.
The civil service does not move fast enough to provide a continuously developed and supported app that would be used by the majority of citizens. It takes an enormous number of people and a software company mindset to provide and support an app that may be used regularly by maybe 50 million people or more. TBI suggests that if it works, it would cost £100m per year, but deliver £2bn in benefits.
That’s a very big “if”.
Some estimates suggest that across Whitehall, Verify wasted over half a billion pounds before it was scrapped. The development costs of One Login already look like reaching or even exceeding that figure over time, yet still there are concerns over elements of its security and little transparency around what is being done to address those concerns.
If One Login is to be the foundation of a proposed national scheme, the team leading its development will need to become a lot more open about what it costs, how its problems are being fixed, and the details of its future plans. How can the public be expected to trust a national digital ID scheme if the team developing it refuse to be open about what’s going on?
There is still a problem with the private sector alternatives too – there are simply too many of them. It’s a nascent, emerging market with no clear winners yet. You can’t go to the public with a national scheme and offer more than 40 alternatives, the vast majority of which are from companies the public has never heard of. As soon as Google or Apple enter the market – and if there’s a national scheme, you can be sure they will – they would corner the market through familiarity alone.
But do we want to hand even more of our national digital infrastructure to US-based Big Tech companies? Do we want Big Tech to be responsible for handling the digital identity of everyone who interacts with the public sector? Again, in the current climate – most of the public would say no.
Devil, detail, etc
Until the government announces its plans, we can only speculate on what form any national digital identity scheme might take – but we can be sure it will be controversial. The devil, as ever, will be in the detail.
The politics will be hard to sell.
The public will be hard to convince.
The technology will be hard to get right.
Why? Because digital identity is hard.
The UK would undoubtedly benefit from more widespread use of the technology – economically and socially – but only if the government and the many likely critics of its plans take the time to fully understand what digital identity is, how it works, and the differing routes to bringing it to the public.
And that’s going to be even harder to achieve.